diff options
author | Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | 2016-04-18 14:37:10 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-04-19 20:09:25 -0400 |
commit | 2309236c13feae619572324efd3e910e66ef6bd0 (patch) | |
tree | f3d9a2a3469383ce8a93fb1e5fb9f1b487b55dd7 | |
parent | 851b10d60879539bec8acecb35ed361393399282 (diff) |
cls_cgroup: get sk_classid only from full sockets
skb->sk could point to timewait or request socket which has no sk_classid.
Detected as "BUG: KASAN: slab-out-of-bounds in cls_cgroup_classify".
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/cls_cgroup.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/include/net/cls_cgroup.h b/include/net/cls_cgroup.h index c0a92e2c286d..74c9693d4941 100644 --- a/include/net/cls_cgroup.h +++ b/include/net/cls_cgroup.h @@ -17,6 +17,7 @@ #include <linux/hardirq.h> #include <linux/rcupdate.h> #include <net/sock.h> +#include <net/inet_sock.h> #ifdef CONFIG_CGROUP_NET_CLASSID struct cgroup_cls_state { @@ -63,11 +64,13 @@ static inline u32 task_get_classid(const struct sk_buff *skb) * softirqs always disables bh. */ if (in_serving_softirq()) { + struct sock *sk = skb_to_full_sk(skb); + /* If there is an sock_cgroup_classid we'll use that. */ - if (!skb->sk) + if (!sk || !sk_fullsock(sk)) return 0; - classid = sock_cgroup_classid(&skb->sk->sk_cgrp_data); + classid = sock_cgroup_classid(&sk->sk_cgrp_data); } return classid; |